In our current workflow of customer onboarding, we are provisioning
customer users from their IDP (like ADFS) into Keycloak via script. As part
of this process once user is created in Keycloak, the script creates IDP
linking for the user and for this purpose script uses the Keycloak username
field and use it in Provider User Id and Provider Username fields of IDP
As Keycloak stores the username in lowercase format the same value with
lowercase gets reflected in the Provider User Id field (e.g.
abhigokhale(a)gmail.com). The problem is if the SAML response contain Name ID
with mix case (say Abhigokhale(a)gmail.com) then Keycloak displays the
message that user with the same email already exist. Please note, we are
using First login flow with only Create User If Unique authenticator
enabled and rest as disabled.
I would like to get your opinion if Keycloak shall handle this scenario as
its storing the username with lowercase.
Thanks & Regards,
Show replies by date